blob: 558fbbb5f34dc576446d3b7c8e3e143208069dce (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>Tobias Brunner found an authentication bypass vulnerability in
strongSwan, an IKE/IPsec suite.</p>
<p>Due to insufficient validation of its local state the server
implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin
can be tricked into successfully concluding the authentication without
providing valid credentials.</p>
<p>It's possible to recognize such attacks by looking at the server logs.
The following log message would be seen during the client
authentication:</p>
<p>EAP method EAP_MSCHAPV2 succeeded, no MSK established</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2015/dla-345.data"
# $Id$
|